You've got a bit of work to do... I assume that your servers are in a Win NT 4 domain I now assume you have users using both NT 4 and windows 2000 users logging on. I also assume you use Windows system policy for your users to apply policy. The issue with this is that it will only apply to NT 4 users and not your windows 2000 users. It sounds like you also use an AD policy for your users as well. Any AD users will get this policy. However because your machines are not in the AD domain you can't do loop back processing and you will get all policies from AD for these users. You will not get the AD machine polices. However these users don't get the system policy (NT4 style policies) To work around this you need to use local 2000 polices. Problem with this is you can't set these up for different groups of users like you can for NT 4 system policies. What you really need to do is get your servers into AD ASAP. You will still need the NT system policies for your users logging onto the NT4 domain. Lastly the other error regarding temporary profiles. If you look at your roaming profiles (assume you use those) and look at the owner you will see that the NT4 user has ownership. When the user tries to load this they get access denied. Sid history just doesn't seem to work. What you need to do is change the Owner of the profile to be the administrator. Then believe it or not the machine can load the profile because it has rights. Hope this helps. Been doing all this recently myself Malcolm -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jacob Walker Sent: 18 October 2004 12:49 To: thin@xxxxxxxxxxxxx Subject: [THIN] Roaming Profiles, Policies, and Active Directory We are in the midst of a migration from NT domains to an Active Directory domain. At this time, we are only migrating users and computers, and not servers. We are seeing issues in our Citrix/Terminal Server environments and wondered if someone could help. Users are migrating with SID history. However, when connecting to Citrix servers using their roaming profiles, the follow errors are generated: App: E 'Mon Oct 18 07:33:23 2004': Userenv - " Windows cannot do loopback processing when the computer is joined to a downlevel domain or is a member of a workgroup. Loopback processing will be disabled. " App: E 'Mon Oct 18 07:33:22 2004': Userenv - " Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. " App: E 'Mon Oct 18 07:33:22 2004': Userenv - " Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. " Also, even though our Citrix servers are Windows 2000, we have been using NT-style policies while in the NT domain. Now, those policies are not applying when users migrated to Active Directory logon. Is there any way to get them to apply? We really aren't ready to move the servers to Active Directory right now. And, we imagine it will take many weeks to figure out how to configure and use a Group Poicy for the Citrix servers. In the meantime, this is becoming a pretty large issue. _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! hthttp://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm *********************************************************************************** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com ******************************************************************************** ******************************************************** This Weeks Sponsor RTO Software Do you know which applications are abusing your CPU and memory? Would you like to learn? -- Free for a limited time! Get the RTO Performance Analyzer to quickly learn the applications, users, and time of day possible problems exist. http://www.rtosoft.com/enter.asp?id=320 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm